[Opendnssec-commits] [keihatsu.kirei.se/svn/dnssec] r3664 - trunk/OpenDNSSEC/libhsm/src

Jakob Schlyter jakob at kirei.se
Fri Aug 6 14:20:42 CEST 2010


Author: jakob
Date: 2010-08-06 14:20:42 +0200 (Fri, 06 Aug 2010)
New Revision: 3664

Modified:
   trunk/OpenDNSSEC/libhsm/src/libhsm.c
   trunk/OpenDNSSEC/libhsm/src/libhsm.h
Log:
next set of changes to be able to handle private keys only

Modified: trunk/OpenDNSSEC/libhsm/src/libhsm.c
===================================================================
--- trunk/OpenDNSSEC/libhsm/src/libhsm.c	2010-08-06 11:56:36 UTC (rev 3663)
+++ trunk/OpenDNSSEC/libhsm/src/libhsm.c	2010-08-06 12:20:42 UTC (rev 3664)
@@ -470,7 +470,7 @@
 static void
 hsm_config_default(hsm_config_t *config)
 {
-    config->privkey_only = 0;
+    config->use_pubkey = 1;
 }
 
 /* creates a session_t structure, and automatically adds and initializes
@@ -795,33 +795,30 @@
     CK_RV rv;
     CK_ULONG modulus_bits;
 
+    /* Template for both public & private keys */
     CK_ATTRIBUTE template[] = {
         {CKA_MODULUS_BITS, &modulus_bits, sizeof(CK_KEY_TYPE)}
     };
 
-#if 0
+    /* Template for both private keys only */
     CK_ATTRIBUTE template2[] = {
         {CKA_MODULUS, NULL, 0}
     };
-#endif
 
-#if 0
-    if ("Use public key") {
-#endif
-    rv = ((CK_FUNCTION_LIST_PTR)session->module->sym)->C_GetAttributeValue(
-                                      session->session,
-                                      key->public_key,
-                                      template,
-                                      1);
-    if (hsm_pkcs11_check_error(ctx, rv,
-                               "Get attr value algorithm type")) {
-        return 0;
-    }
-
-    if ((CK_ULONG)template[0].ulValueLen < 1) {
-        return 0;
-    }
-#if 0
+    if (session->module->config->use_pubkey) {
+        rv = ((CK_FUNCTION_LIST_PTR)session->module->sym)->C_GetAttributeValue(
+                                          session->session,
+                                          key->public_key,
+                                          template,
+                                          1);
+        if (hsm_pkcs11_check_error(ctx, rv,
+                                   "Get attr value algorithm type")) {
+            return 0;
+        }
+    
+        if ((CK_ULONG)template[0].ulValueLen < 1) {
+            return 0;
+        }
     } else {
         rv = ((CK_FUNCTION_LIST_PTR)session->module->sym)->C_GetAttributeValue(
                                           session->session,
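Review bot: The two new template comments do not match how the templates are used: `template` is only queried on `key->public_key`, and the second comment reads `/* Template for both private keys only */`, where "both" is a leftover. Something like `/* Template for reading the size from the public key */` and `/* Template for private keys only: query the modulus length */` would describe them accurately. While this block is being touched, the `CK_ULONG` buffer is described with `sizeof(CK_KEY_TYPE)`; `sizeof(modulus_bits)` ties the length to the variable actually passed. The function starts before this hunk and the `else` branch continues in the next one.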
@@ -834,7 +831,6 @@
 
         modulus_bits = template2[0].ulValueLen * 8;
     }
-#endif
 
     return modulus_bits;
 }
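Review bot: In the now-enabled `else` branch, `modulus_bits = template2[0].ulValueLen * 8;` reports the length of the modulus buffer in bits, which is not necessarily the key's bit length. It would differ from `CKA_MODULUS_BITS` if a token returns the modulus with a leading zero byte or the key size is not a multiple of 8. A comment such as `/* derived from the modulus byte length; may overstate the size if the token pads the modulus */` would make the approximation explicit for callers that compare key sizes against policy. The check of `rv` for this call lies between the hunks and is not visible here.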
@@ -1013,18 +1009,17 @@
     key = hsm_key_new();
     key->module = session->module;
     key->private_key = object;
-#if 0
-    if ("Use public key") {
-#endif
-    key->public_key = hsm_find_object_handle_for_id(
-                          ctx,
-                          session,
-                          CKO_PUBLIC_KEY,
-                          id,
-                          len);
-#if 0
+    
+    if (session->module->config->use_pubkey) {
+        key->public_key = hsm_find_object_handle_for_id(
+                              ctx,
+                              session,
+                              CKO_PUBLIC_KEY,
+                              id,
+                              len);
+    } else {
+        key->public_key = 0;
     }
-#endif
 
     free(id);
     return key;
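Review bot: The private-key-only branch marks the missing public key with a literal `0` in `key->public_key = 0;`, and the key generation hunk further down does the same with `new_key->public_key = 0;`. PKCS#11 defines `CK_INVALID_HANDLE` for exactly this purpose, so `key->public_key = CK_INVALID_HANDLE;` states the intent and keeps later "is there a public key" checks greppable. The enclosing function starts outside the hunk.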
@@ -1245,15 +1240,11 @@
         return NULL;
     }
 
-#if 0
-    if ("Use public key") {
-#endif
+    if (session->module->config->use_pubkey) {
         hKey = key->public_key;
-#if 0
     } else {
         hKey = key->private_key;
     }
-#endif
 
     rv = ((CK_FUNCTION_LIST_PTR)session->module->sym)->C_GetAttributeValue(
                                       session->session,
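Review bot: The `else` branch now reads the public key material through `key->private_key`, which only works if the token exposes the public attributes on the private key object. The attribute template for the `C_GetAttributeValue` call is outside this hunk; if it requests the public exponent, note that PKCS#11 does not require every token to keep that attribute on an RSA private key. A comment at the branch would record the requirement, e.g. `/* private-key-only mode: token must expose CKA_MODULUS and CKA_PUBLIC_EXPONENT on the private key object */`. The function starts and ends outside the hunk.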
@@ -1979,11 +1970,9 @@
      * of the id */
     hsm_hex_unparse(id_str, id, 16);
 
-#if 0
-    if ("Not use public key") {
+    if (! session->module->config->use_pubkey) {
         ctoken = CK_FALSE;
     }
-#endif
 
     CK_ATTRIBUTE publicKeyTemplate[] = {
         { CKA_LABEL,(CK_UTF8CHAR*) id_str,   strlen(id_str)   },
@@ -2022,13 +2011,13 @@
 
     new_key = hsm_key_new();
     new_key->module = session->module;
-#if 0
-    if ("Use public key") {
-#endif
-    new_key->public_key = publicKey;
-#if 0
+
+    if (session->module->config->use_pubkey) {
+        new_key->public_key = publicKey;        
+    } else {
+        new_key->public_key = 0;        
     }
-#endif
+
     new_key->private_key = privateKey;
     return new_key;
 }
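Review bot: In the `else` branch the `publicKey` handle returned by key generation is dropped with `new_key->public_key = 0;` while the object itself is left on the token. The earlier hunk sets `ctoken = CK_FALSE` for this mode, so it is presumably a session object that lives until the session is closed. For a long-running signer that keeps its sessions open, each generated key would leave one such object behind. Destroying it before discarding the handle avoids that: `(void)((CK_FUNCTION_LIST_PTR)session->module->sym)->C_DestroyObject(session->session, publicKey);` placed ahead of the assignment.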
@@ -2051,20 +2040,15 @@
     }
     key->private_key = 0;
 
-#if 0
-    if ("Use public key") {
-#endif
-    rv = ((CK_FUNCTION_LIST_PTR)session->module->sym)->C_DestroyObject(session->session,
-                                               key->public_key);
-    if (hsm_pkcs11_check_error(ctx, rv, "Destroy public key")) {
-        return -4;
+    if (session->module->config->use_pubkey) {
+        rv = ((CK_FUNCTION_LIST_PTR)session->module->sym)->C_DestroyObject(session->session,
+                                                   key->public_key);
+        if (hsm_pkcs11_check_error(ctx, rv, "Destroy public key")) {
+            return -4;
+        }
     }
     key->public_key = 0;
-#if 0
-    }
-#endif
 
-
     return 0;
 }
 
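Review bot: The new `if (session->module->config->use_pubkey)` guard still calls `C_DestroyObject` when `key->public_key` is 0. That can happen for a key created while `use_pubkey` was off, or, presumably, when the lookup by id found no public object. The call would then fail and the function returns -4 even though the private key has already been destroyed and `key->private_key` cleared above, leaving the caller with an error for a key that is in fact gone. Consider `if (session->module->config->use_pubkey && key->public_key) {` so that a missing public object is skipped rather than reported as a failure. The start of the function is outside the hunk.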
@@ -2637,13 +2621,11 @@
             printf("key:\n");
             printf("\tmodule: %p\n", (void *) key->module);
             printf("\tprivkey handle: %u\n", (unsigned int) key->private_key);
-#if 0
-            if ("Use public key") {
-#endif
-            printf("\tpubkey handle: %u\n", (unsigned int) key->public_key);
-#if 0
+            if (key->module->config->use_pubkey) {
+                printf("\tpubkey handle: %u\n", (unsigned int) key->public_key);
+            } else {
+                printf("\tpubkey handle: %s\n", "NULL");
             }
-#endif
             printf("\trepository: %s\n", key->module->name);
             printf("\talgorithm: %s\n", key_info->algorithm_name);
             printf("\tsize: %lu\n", key_info->keysize);

Modified: trunk/OpenDNSSEC/libhsm/src/libhsm.h
===================================================================
--- trunk/OpenDNSSEC/libhsm/src/libhsm.h	2010-08-06 11:56:36 UTC (rev 3663)
+++ trunk/OpenDNSSEC/libhsm/src/libhsm.h	2010-08-06 12:20:42 UTC (rev 3664)
@@ -52,7 +52,7 @@
 
 /*! HSM configuration */
 typedef struct {
-    unsigned int privkey_only;   /*!< Use private keys only */
+    unsigned int use_pubkey  ;   /*!< Maintain public keys in HSM */
 } hsm_config_t;
 
 /*! Data type to describe an HSM */
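Review bot: Renaming `privkey_only` to `use_pubkey` inverts the meaning of a zero value, so an `hsm_config_t` that is zero-filled rather than passed through `hsm_config_default()` now selects private-key-only mode instead of the previous default. In that mode the library stops looking up public key objects and generates them as non-token objects. The field comment should state the polarity and the default, e.g. `/*!< Maintain public keys in HSM (0 = private keys only; hsm_config_default() sets 1) */`. The stray spaces in `use_pubkey  ;` can go at the same time.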



